[SPKM] SPKM Design Team Meeting Notes
"Liqiang(Larry) Zhu" <lzhu@windows.microsoft.com> Wed, 07 February 2007 01:14 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HEbOi-00069G-6c; Tue, 06 Feb 2007 20:14:56 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HEbOh-00069B-J1 for spkm@ietf.org; Tue, 06 Feb 2007 20:14:55 -0500
Received: from mail2.microsoft.com ([131.107.115.215] helo=smtp.microsoft.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HEbOd-0000Ul-2o for spkm@ietf.org; Tue, 06 Feb 2007 20:14:55 -0500
Received: from tk1-exhub-c103.redmond.corp.microsoft.com (157.56.116.114) by TK5-EXGWY-E802.partners.extranet.microsoft.com (10.251.56.168) with Microsoft SMTP Server (TLS) id 8.0.685.24; Tue, 6 Feb 2007 17:14:50 -0800
Received: from win-imc-01.wingroup.windeploy.ntdev.microsoft.com (157.54.0.39) by tk1-exhub-c103.redmond.corp.microsoft.com (157.56.116.114) with Microsoft SMTP Server id 8.0.685.25; Tue, 6 Feb 2007 17:09:16 -0800
Received: from WIN-MSG-20.wingroup.windeploy.ntdev.microsoft.com ([157.54.62.25]) by win-imc-01.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3790.3953); Tue, 6 Feb 2007 17:09:16 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Date: Tue, 06 Feb 2007 17:09:15 -0800
Message-ID: <CAAAEFE273EAD341A4B02AAA9CA6F733048AD827@WIN-MSG-20.wingroup.windeploy.ntdev.microsoft.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: SPKM Design Team Meeting Notes
Thread-index: AcdKVJWPkb8avolDTLqQ1ZvcoSbvdw==
From: "Liqiang(Larry) Zhu" <lzhu@windows.microsoft.com>
To: spkm@ietf.org
X-OriginalArrivalTime: 07 Feb 2007 01:09:16.0427 (UTC) FILETIME=[96652DB0:01C74A54]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f6ef73100908d67495ce675c3fe8f472
Cc: Sam Hartman <hartmans@mit.edu>
Subject: [SPKM] SPKM Design Team Meeting Notes
X-BeenThere: spkm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Low Infrastructure Public Key GSS mechanism <spkm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/spkm>, <mailto:spkm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/spkm>
List-Post: <mailto:spkm@ietf.org>
List-Help: <mailto:spkm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/spkm>, <mailto:spkm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0401770283=="
Errors-To: spkm-bounces@ietf.org
On 1/16/2007, the SPKM design team Larry Zhu, Nicolas Williams and Olga Kornievskaia had a conf call that was aimed to produce a comparison of PkU2U and the TLS mechanism for the community so the community can decide between them. Here is the list of things that came up: PKU2U has a draft, hence the description is omitted here. PKU2U Pros: ---------- 1) Kerberos alike, easy to implement for folks who already have a PKINIT and a Kerberos implementation 2) one less round trip per handle-shake PKU2U Cons: ---------- 1) not easier than TLS approach for folks who do not have a PKINIT implementation 2) this is a new mechanism TLS approach currently does not have a draft. Here is a brief description: at high level, it can be based on TLS or Datagram TLS. And per-message tokens are based on RFC4121, in the same way how PKU2U per-message tokens work. TLS approach Pros: ----------------- 1) this is based on an existing mechanism that is mature 2) this is the single mechanism for certificate-based peer to peer authentication mechanism. 3) open source TLS implementations are available TLS approach Cons: ------------------ 1)at least 2 extra messages (one extra roundtrip) per handshake The design team discussed the differences in encoding of the context-establishment tokens employed by these two approaches, and did not believe the differences are significant to make one preferable over the other. Olga raised objections to PKU2U on the ground it is dependent on Kerberos. She also considered the PKU2U ID underspecified and significant work need to be done to wrap up PKU2U. The design team acknowledged that common problems exist such as GSS-API naming based on distinguished names, channel bindings, certificate selections, and credentials managements. --Larry
_______________________________________________ SPKM mailing list SPKM@ietf.org https://www1.ietf.org/mailman/listinfo/spkm
- [SPKM] SPKM Design Team Meeting Notes Liqiang(Larry) Zhu
- Re: [SPKM] SPKM Design Team Meeting Notes Sam Hartman
- Re: [SPKM] SPKM Design Team Meeting Notes Nicolas Williams
- Re: [SPKM] SPKM Design Team Meeting Notes Love Hörnquist Åstrand
- Re: [SPKM] SPKM Design Team Meeting Notes Jeffrey Hutzelman